restrict 192.168.10.0 mask 255.255.255.0 notrust nomodify notrap
The IP range and netmask arguments are obvious. The 3 option flags tell the ntp daemon that none of the machines that might communicate over this subnet are to be trusted as time servers, none of them are to be allowed to update the ntp daemon running on the asterisk server, and none of them will be able to use the trap service for logging purposes.
Finally, I also like to set up a different (from the one used by the phones for SIP and RTP) IP address for the NTP server (so the * box has 2 addresses on the 192.168 net). It goes without saying that the asterisk box must also have a public IP address so that it can synchronize itself with a remote time server. In my setup, I have one net card for the public address, while the 2 192.168 addresses are on a second card.
-- Stephen R. Besch, Ph.D. SachsLab 320 Cary Hall SUNY at Buffalo Buffalo, NY 14214 (716) 829-3289 x106
_______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users